mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-11-22 15:40:19 +00:00
LibCore: Add Core::System::drop_privileges()
In a few places we intentionally drop privileges to reduce the potential security surface area of networked program, with the pattern of: ``` if (setgid(getgid()) || setuid(getuid()) { return 1; } ``` We can make this a bit nicer to use by creating a wrapper.
This commit is contained in:
parent
7403342387
commit
6eebd69b70
Notes:
sideshowbarker
2024-07-18 04:38:32 +09:00
Author: https://github.com/bgianfo Commit: https://github.com/SerenityOS/serenity/commit/6eebd69b70 Pull-request: https://github.com/SerenityOS/serenity/pull/13172 Reviewed-by: https://github.com/ADKaster Reviewed-by: https://github.com/awesomekling Reviewed-by: https://github.com/ldm5180
2 changed files with 12 additions and 0 deletions
|
@ -726,6 +726,17 @@ ErrorOr<pid_t> setsid()
|
|||
return rc;
|
||||
}
|
||||
|
||||
ErrorOr<void> drop_privileges()
|
||||
{
|
||||
auto gid_result = setgid(getgid());
|
||||
auto uid_result = setuid(getuid());
|
||||
|
||||
if (gid_result.is_error() || uid_result.is_error())
|
||||
return Error::from_string_literal("Failed to drop privileges");
|
||||
|
||||
return {};
|
||||
}
|
||||
|
||||
ErrorOr<bool> isatty(int fd)
|
||||
{
|
||||
int rc = ::isatty(fd);
|
||||
|
|
|
@ -109,6 +109,7 @@ ErrorOr<void> setgid(gid_t);
|
|||
ErrorOr<void> setegid(gid_t);
|
||||
ErrorOr<void> setpgid(pid_t pid, pid_t pgid);
|
||||
ErrorOr<pid_t> setsid();
|
||||
ErrorOr<void> drop_privileges();
|
||||
ErrorOr<bool> isatty(int fd);
|
||||
ErrorOr<void> symlink(StringView target, StringView link_path);
|
||||
ErrorOr<void> mkdir(StringView path, mode_t);
|
||||
|
|
Loading…
Reference in a new issue